Back to skill

Security audit

Openclaw Configurator

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed OpenClaw configuration helper, but users should review generated memory and heartbeat files before using them.

Before installing, review any generated MEMORY.md, USER.md, TOOLS.md, and HEARTBEAT.md content. Do not include passwords, API keys, account numbers, private keys, or unnecessary personal history, and only use daemon or public-channel settings when you understand the access-control implications.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The schema mandates a MEMORY.md structure with persistent memories, user preferences, and relationship milestones, which goes beyond simple configuration generation into collecting and normalizing long-term user data. In the context of an assistant configurator, this creates a privacy and data-minimization risk because it encourages durable storage of personal information and relational profiling, despite only a weak top-level constraint that PII must not be stored in plaintext.

Description-Behavior Mismatch

Low
Confidence
79% confidence
Finding
The schema requires HEARTBEAT.md with periodic productive checklists and other runtime behavior artifacts, which shifts the skill from static configuration generation into ongoing operational policy generation. While not inherently malicious, embedding runtime governance in generated files can normalize persistent agent behavior and create hidden policy surfaces that users may not expect from a configurator.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.